Commit Graph

22090 Commits

Author SHA1 Message Date
Gustavo Zacarias
3bd38b4eca sudo: security bump to version 1.8.12
Fixes CVE-2014-9680 - A user with sudo access may be able to exploit
parsing bugs in the time zone parsing functions of the system's C
library functions. The user may also be able to read arbitrary files,
potentially causing changes in system behavior when reading certain
device special files or simply causing the program run via sudo to
block.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-17 14:01:14 +01:00
Thomas Petazzoni
b34c63375a gnutls: make sure librt detection doesn't poison the linker flags
Just like we're passing --with-libpthread-prefix, we also need to pass
--with-librt-prefix in order to avoid having the gnutls build system
detect the librt in /usr/lib, and pass -L/usr/lib to the linker flags.

Fixes:

  http://autobuild.buildroot.org/results/fa5/fa58602cb78ffe3ae4ee389ef5cf5a37b7657c4c/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-17 13:58:22 +01:00
Peter Korsgaard
bc11392de7 Update for 2015.02-rc2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-15 23:44:43 +01:00
Fabio Porcedda
ff82572a7f pkg-stats: ignore linux-ext-fbtft.mk and doc-asciidoc.mk
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-15 23:28:55 +01:00
Fabio Porcedda
cd0c7c37c2 pkg-stats: add kconfig and rebar infrastructures
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-15 23:28:44 +01:00
Peter Korsgaard
ea4501da20 qt5bse: configure: fix gold linker detection
Fixes http://autobuild.buildroot.net/results/92c/92c3fb4ddb934115b228652bb8c972bb7459bb40/

While the -fuse-ld=gold flag is related to linking, it is an argument to the
compiler driver to tell it what linker to execute, NOT an option to tell the
linker to behave differently.

So it shouldn't get prefixed with -Wl when passed though the compiler driver.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-15 23:20:12 +01:00
Romain Naour
1cac78fbb0 package/dvdauthor: fix static build
Dvdauthor forget to link witk -lbz2 when linking with freetype2.

Fixes:
http://autobuild.buildroot.net/results/1d8/1d83390a3dd9f6bb595e9fc7b321500b4dc533a8/

Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-15 21:26:42 +01:00
Bernd Kuhls
78755fe13c x11r7/xserver_xorg-server: security bump to version 1.16.4
Fixes:

CVE-2015-0255 - Information leak in the XkbSetGeometry request of X servers
http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-15 21:18:59 +01:00
Romain Naour
d45454dbe5 package/libsemanage: add patch to fix Blackfin build issue
libsemanage use the same build system than libselinux,
so it's affected by the same issue.

Fixes:
http://autobuild.buildroot.net/results/39d/39d3460e88a1316ec7dbcd0d67b7fdb992c3fc77

Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-14 22:04:54 +01:00
Romain Naour
aa476ab32c package/libsepol: add patch to fix Blackfin build issue
libsepol use the same build system than libselinux,
so it's affected by the same issue.

Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-14 22:04:48 +01:00
Romain Naour
a45838ab00 package/openvmtools: don't use host library path
Set CUSTOM_PROCPS_LIBS to " " otherwise -L/lib is used by default.

Fixes:
http://autobuild.buildroot.net/results/bff/bff7d8f3ec19ce790f0c88a336d1007e1ff29836/

[Thomas: fix typo in commit log.]

Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-14 22:03:23 +01:00
Vicente Olivert Riera
f87f3d1396 mplayer: fix compilation with new versions of libgif
mplayer fails to compile with the following error message:

libmpdemux/demux_gif.c: In function 'demux_open_gif':
libmpdemux/demux_gif.c:260:3: error: too few arguments to function
'DGifOpen'
   gif = DGifOpen(demuxer->stream, my_read_gif);

Backport an upstream patch to support newer versions of libgif in
mplayer. Unfortunately this patch is incomplete and mplayer stills
failing to compile with a new error message:

libvo/vo_gif89a.c: In function 'uninit':
libvo/vo_gif89a.c:374:3: error: too few arguments to function
'EGifCloseFile'
   EGifCloseFile(new_gif); // also frees gif storage space.

So I have written a new patch and submitted it upstream to finally fix
the problem.

Upstream commit:

  a0ddaef545

New submitted patch:

  https://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2015-February/072848.html

Fixes:

  http://autobuild.buildroot.net/results/a51/a510a0ab2cb827bb91b4fdec43055f2bfda239b1/

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-14 22:02:29 +01:00
Romain Naour
3f335ed550 package/libssh2: fix zlib library search path issues
Like for lingcrypt and openssl, help the configure script to find
zlib installed in STAGING_DIR.

Otherwise, It might find the one installed on the host:
checking how to link with libz... /usr/lib/libz.so -Wl,-rpath -Wl,/usr/lib

Fixes:
http://autobuild.buildroot.net/results/93b/93b43e114f21a22f0f8b7d7dd6774c089c426cd1

Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-14 22:01:49 +01:00
Frank Hunleth
c485d8a3d1 boards/raspberrypi: update dt kernel sha1
The sha1 used for the DT enabled kernel is no longer available
(presumably, the rpi-3.18.y branch was rebased recently.) This updates
it to the lastest sha1 in the rpi-3.18.y branch.

Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-14 10:11:33 +01:00
Romain Naour
43a643a17c package/openvmtools: fix syncDriverPosix
Backport a patch from Fedora

Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-14 09:17:40 +01:00
Romain Naour
0f79930134 package/openvmtools: configure fix USE_SLASH_PROC
Backport a patch from Fedora

Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-14 09:17:28 +01:00
Frank Hunleth
5c1a75c08f Makefile: update help text for savedefconfig
Updated text to say that the defconfig is written to the BR2_DEFCONFIG
location.

Signed-off-by: Frank Hunleth <fhunleth@troodon-software.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-14 09:02:51 +01:00
Vicente Olivert Riera
6496d6ccec qt5connectivity: fix for big endian platforms
Add a patch to fix qt5connectivity for big endian platforms.

Building qtconnectivity fails for big endian platforms because the
bswap_16 function is not declared. This is the error message:

In file included from bluez/hcimanager_p.h:52:0,
		 from bluez/hcimanager.cpp:35:
./bluez/bluez_data_p.h: In function 'quint16 bt_get_le16(const void*)':
./bluez/bluez_data_p.h:172:60: error: 'bswap_16' was not declared in
this scope
     return bswap_16(bt_get_unaligned((const quint16 *) ptr));

bswap_16 is defined in byteswap.h so we can include this file in order
to fix this problem.

This patch has been submitted upstream:

  https://bugreports.qt.io/browse/QTBUG-44421

Fixes:

  http://autobuild.buildroot.net/results/5b8/5b85c6819f94988abd8abfcdaad6226ceb2d790a/

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-14 08:44:45 +01:00
Thomas Petazzoni
414d7e97a7 python3: fix invalid ncursesw header path
This commit adds a patch to python3 that makes sure it does not use an
invalid header path (pointing to host headers) when including ncursesw
support.

Fixes:

  http://autobuild.buildroot.org/results/9bd/9bdaa392e8dd00c6ebee156b758e3c0cac480237/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@openwide.fr>
Tested-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-12 22:28:17 +01:00
Peter Korsgaard
0b173fd795 dbus: security bump
Fixes CVE-2015-0245. See announcement for details:

http://lists.freedesktop.org/archives/dbus/2015-February/016554.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-12 11:24:54 +01:00
Danomi Manchego
cfa6311d2a ntp: rebase nano patch to apply cleanly
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-12 08:50:32 +01:00
Baruch Siach
f1cdd306e2 git: fix static link with openssl
openssl needs -lz when building statically.

Fixes:
http://autobuild.buildroot.net/results/4b3/4b33f3f415776cf43be0910b583d222711a03cad/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-11 12:26:41 +01:00
Baruch Siach
67b845fcc9 ntp: security bump to version 4.2.8p1
Fixes:

CVE-2014-9297 - vallen is not validated in several places in ntp_crypto.c,
leading to a potential information leak or possibly a crash

CVE-2014-9298 - ::1 can be spoofed on some OSes (including "some versions" of
Linux), so ACLs based on IPv6 ::1 addresses can be bypassed

Drop a patch applied upstream, along with its accompanied AUTORECONF.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-11 00:35:18 +01:00
Peter Korsgaard
c41229af06 docs/website/news.html: add 2015.02-rc1 announcement link
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-08 23:50:14 +01:00
Peter Korsgaard
2165267699 Update for 2015.02-rc1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-08 22:19:45 +01:00
Peter Korsgaard
2013858414 CHANGES: Update with recent changes
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-08 22:19:45 +01:00
Thomas Petazzoni
5a9dcd09f6 libselinux: add patch to fix Blackfin build issue
Fixes:

  http://autobuild.buildroot.org/results/165/165a227a0a8ecd4cb3f96761aacdf90ae974fea7/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-08 22:19:45 +01:00
Alex Suykov
7d6790b66a perl: remove poisoned path from dynaloader hints
Fixes
http://autobuild.buildroot.net/results/323a82776cccf17afaa00ebe3483cfc06a06f264/
http://autobuild.buildroot.net/results/7d4cf7b63fda1a062263b7a4e758c699049105af/

Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-08 22:19:45 +01:00
Romain Naour
6076d9a7a6 package/erlang: fix build issue with pcre package
If the pcre package is build before erlang, the erlang's build
system use pcre.h from pcre package instead of using pcre.h bundled
by Erlang.

Erlang use an old version of this file which is incompatible
with the upstream one.

http://autobuild.buildroot.net/results/cbd/cbd8b54eef535f19d7d400fd269af1b3571d6143/build-end.log

And many more.

Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-08 21:43:53 +01:00
Vicente Olivert Riera
921a92e0b8 qt5multimedia: Make it compile with no-opengl
Backport an upstream patch to make it compile with no-opengl. Otherwise
it will fail showing an error message like this one:

qpaintervideosurface.cpp:99:47: error: 'QOpenGLContext' has not been
declared

Upstream commit:

  2b181d5469

Fixes:

  http://autobuild.buildroot.net/results/b77/b77cdf9b1cf6cafd5afef7337553bb32489207e5/

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-08 21:38:59 +01:00
Peter Seiderer
a7f8bf5cfa postgresql: bump version to 9.4.1
See [1] for a detailed list of changes.

[1] http://www.postgresql.org/docs/9.4/static/release-9-4-1.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-08 21:36:47 +01:00
Yann E. MORIN
8d702aca30 legacy: add missing option for util-linux' wdctl
In 349c9c7 (package/util-linux: add more tool select options), the
util-linux' wdctl option was renamed, but a entry in the legacy menu was
no added.

Add this now.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Maxim Mikityanskiy <maxtram95@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-08 09:20:29 +01:00
Arnout Vandecappelle
675897d359 qt5webkit: add missing indirect dependency on atomics and !flat
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:25:05 +01:00
Arnout Vandecappelle
eb54123ebc qt5cinex: add missing indirect dependency on libegl
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:24:20 +01:00
Arnout Vandecappelle
25db4b974a enlightenment: add missing indirect dependency on atomics
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:23:53 +01:00
Arnout Vandecappelle
ef8573de1a xscreensaver: add missing indirect dependency on atomics
Also reformat the comment lines and fix the comment.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:23:30 +01:00
Arnout Vandecappelle
454c31103b pinenty: add missing indirect dependency on atomics for gtk2 support
Also remove redundant comment lines.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:22:55 +01:00
Arnout Vandecappelle
0a91527b65 opencv: add missing indirect dependency on atomics for gtk support
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:22:19 +01:00
Arnout Vandecappelle
ceedd670d8 cwiid: add missing indirect dependency on atomics for wmgui
Also add a comment for cwiid itself.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:21:03 +01:00
Arnout Vandecappelle
0ba821c45f php: add missing indirect dependency on !avr32 for mysql extensions
Also fix the comment.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:19:53 +01:00
Arnout Vandecappelle
3b7313439b dovecot: add missing indirect dependency on !avr32 for mysql
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:15:32 +01:00
Arnout Vandecappelle
84a4603cb0 util-linux: add missing indirect dependency on !avr32 for setpriv
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:15:08 +01:00
Arnout Vandecappelle
bacdf4c8e9 oprofile: add missing indirect dependency on NPTL for PPC
[Peter: also adjust comment dependencies]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:14:15 +01:00
Arnout Vandecappelle
2ca1d299ae kodi: add missing indirect dependency on dynamic lib for shairport
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:08:32 +01:00
Arnout Vandecappelle
9fffb57f1f espeak: add missing indirect dependency on atomics for pulseaudio
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:07:09 +01:00
Arnout Vandecappelle
0cd69846a6 libgail: add missing indirect dependency on C++ and atomics
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:06:46 +01:00
Arnout Vandecappelle
63c20b1a9d grantlee: add missing indirect dependency on jscore available
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:06:18 +01:00
Arnout Vandecappelle
9b34853ea5 qemu: add missing indirect dependency on dynamic library for fdt
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:04:17 +01:00
Arnout Vandecappelle
08c763b539 gst1-plugins-base: add missing indirect dependency on atomics for pango
Also removed the redundant indirect dependencies on wchar, threads, mmu
(gstreamer depends on libglib2 so this indirect dependency is obvious).

[Peter: drop wchar+threads from comment as suggested by Jerzy Grzegorek]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:04:06 +01:00
Arnout Vandecappelle
040c15c45a gst-plugins-base: add missing indirect dependency on atomics for pango
Also removed the redundant indirect dependencies on wchar, threads, mmu
(gstreamer depends on libglib2 so this indirect dependency is obvious).

[Peter: drop wchar+threads from comment as suggested by Jerzy Grzegorek]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-07 21:03:26 +01:00